use Authen::Passphrase;
use Authen::Passphrase::BlowfishCrypt;
-use Bytes::Random::Secure qw//;
-use Carp qw/croak/;
+use Data::Entropy qw/entropy_source/;
+use Data::Entropy::Source;
+use Data::Entropy::RawSource::Local;
+use Carp qw/carp croak/;
use DBI;
use Digest::SHA qw/hmac_sha1_base64 sha256/;
use Email::Simple;
use Plack::Request;
use Tie::Hash::Expire;
+sub make_entropy_source {
+ if (-e '/dev/urandom') {
+ Data::Entropy::Source->new(
+ Data::Entropy::RawSource::Local->new('/dev/urandom'),
+ 'sysread'
+ )
+ } else {
+ carp "/dev/urandom not found, using insecure random source\n";
+ entropy_source
+ }
+}
+
sub default_opts {(
dbi_connect => ['dbi:Pg:', '', ''],
select_user => 'SELECT passphrase, email FROM users WHERE id = ?',
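Review bot: The else branch of `make_entropy_source` fails open: when /dev/urandom is missing it only warns and returns Data::Entropy's default source, which the warning text itself calls insecure, and that source then generates the reset-token HMAC key in `make_reset_hmac`. A `carp` on STDERR is easy to miss in a web deployment, so reset tokens could become guessable without anyone noticing. Because the constructor calls this sub only when no `entropy_source` option was passed, the fallback can refuse instead and leave the weak source as an explicit opt-in: `croak "/dev/urandom not found; pass an explicit entropy_source"`. The `-e` test also checks existence only, so `-r '/dev/urandom'` would be the closer precondition for the `sysread` that follows.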
my ($class, $opts) = @_;
my %self = $class->default_opts;
%self = (%self, %$opts);
+ $self{entropy_source} //= make_entropy_source;
my $self = bless \%self, $class;
$self
}
sub make_reset_hmac {
my ($self, $username, @data) = @_;
- $self->{hmackey} //= Bytes::Random::Secure->new(NonBlocking => 1)->bytes(512); # uncoverable condition false
+ $self->{hmackey} //= $self->{entropy_source}->get_bits(8 * 512); # uncoverable condition false
my $user = $self->get_user($username);
my $message = join ' ', $username, $user->{passphrase}, @data;
hmac_sha1_base64 $message, $self->{hmackey};
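Review bot: `get_bits(8 * 512)` requests a 512-byte key, but HMAC first hashes any key longer than the hash block size (64 bytes for SHA-1) down to the digest length, so the effective key here is 160 bits and the extra bytes add nothing. One block is enough, `$self->{hmackey} //= $self->{entropy_source}->get_bits(8 * 64);`, with a short comment such as `# 64 bytes = SHA-1 block size; longer keys are pre-hashed by HMAC` to explain the constant. The key is kept only in `$self->{hmackey}`, so if separate worker processes each build their own object, tokens issued by one would presumably not verify in another; this is worth confirming against the deployment. The closing brace of `make_reset_hmac` is outside this hunk.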
Arrayref of arguments to pass to DBI->connect. Defaults to
C<['dbi:Pg', '', '']>.
+=item entropy_source
+
+C<Data::Entropy::Source> object to get random numbers from. By default
+uses F</dev/urandom> via C<Data::Entropy::RawSource::Local> if
+possible, or the default entropy source otherwise. A warning is
+printed if the default entropy source is used, to supress it set this
+argument to the default entropy source.
+
=item post_connect_cb
Callback (coderef) that is called just after connecting to the